I already host multiple services via caddy as my reverse proxy. Jellyfin, I am worried about authentication. How do you secure it?

  • sludge@lemmy.mlEnglish
    3·
    25 days ago

    And since i don’t post my valid urls anywhere no web-scraper can find them

    You would ah… be surprised. My urls aren’t published anywhere and I currently have 4 active decisions and over 300 alerts from crowdsec.

    It’s true none of those threat actors know my valid subdomains, but that doesn’t mean they don’t know I’m there.

    • Gagootron@feddit.orgEnglish
      1·
      25 days ago

      Of course i get a bunch of scanners hitting ports 80 and 443. But if they don’t use the correct domain they all end up on an Nginx server hosting a static error page. Not much they can do there

      • DefederateLemmyMl@feddit.nlEnglish
        1·
        25 days ago

        This is how I found out Google harvests the URLs I visit through Chrome.

        Got google bots trying to crawl deep links into a domain that I hadn’t published anywhere.

        • zod000@lemmy.mlEnglish
          1·
          25 days ago

          This is true, and is why I annoyingly have to keep robots.txt on my unpublished domains. Google does honor them for the most part, for now.

          • DefederateLemmyMl@feddit.nlEnglish
            3·
            24 days ago

            That reminds me … another annoying thing Google did was list my private jellyfin instance as a “deceptive site”, after it had uninvitedly crawled it.

            A common issue it seems.

            • zod000@lemmy.mlEnglish
              1·
              24 days ago

              Unsurprising, but still shitty. Par for the course for the company these days.